CN112328626B - Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing - Google Patents

Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing Download PDF

Info

Publication number
CN112328626B
CN112328626B CN202011174402.5A CN202011174402A CN112328626B CN 112328626 B CN112328626 B CN 112328626B CN 202011174402 A CN202011174402 A CN 202011174402A CN 112328626 B CN112328626 B CN 112328626B
Authority
CN
China
Prior art keywords
index table
fuzzy
data user
keyword
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011174402.5A
Other languages
Chinese (zh)
Other versions
CN112328626A (en
Inventor
舒港琪
洪海波
谢满德
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Zhejiang Gongshang University
Original Assignee
Zhejiang Gongshang University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Zhejiang Gongshang University filed Critical Zhejiang Gongshang University
Priority to CN202011174402.5A priority Critical patent/CN112328626B/en
Publication of CN112328626A publication Critical patent/CN112328626A/en
Application granted granted Critical
Publication of CN112328626B publication Critical patent/CN112328626B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

The searchable encryption method for supporting fuzzy keyword sequencing for the cloud environment has higher efficiency and more practical significance. The invention comprises the following steps: the system is established and initialized to generate public parameters, a master key and a secret key; the data owner extracts a keyword set according to the plaintext document set, generates a reverse index table and a fuzzy index table and sends the reverse index table and the fuzzy index table to the cloud server; the data owner encrypts the plaintext document set by using the master key to generate a ciphertext document set and sends the ciphertext document set to the cloud server; constructing a trap door by a data user, encrypting the trap door and sending the encrypted trap door to a cloud server; after the cloud server receives the encrypted trapdoors, the trapdoors are obtained through decryption by using a private key, and the required documents are ordered according to the relevancy and sent to a data user; the data user sends the attribute set of the data user to the trusted authority, and if the attribute set can pass the access control structure, the trusted authority sends the decryption key to the data user; and the data user decrypts the ciphertext document set to obtain the required plaintext document.

Description

Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing
Technical Field
The invention relates to a searchable encryption method supporting fuzzy keyword sequencing and oriented to a cloud environment.
Background
With the development of big data and cloud computing, more and more users and enterprises choose to store data on a cloud server in an encrypted manner. To retrieve data of interest to them, the key technology of searchable encryption may be employed. Sometimes, the data owner wishes to share encrypted data to certain users without revealing privacy.
In the prior art, searchable encryption schemes are generally divided into symmetric searchable encryption and asymmetric searchable encryption. The efficiency of the symmetric searchable encryption is higher than that of the asymmetric searchable encryption, but the asymmetric searchable encryption is suitable for a scene shared by multiple persons and more practical, because the symmetric searchable encryption requires a data user to share an own encryption key with a multi-bit data user, the security of the key is greatly reduced, and the efficiency of a scheme is greatly reduced by only introducing a public key cryptosystem in the searchable encryption. Therefore, how to design a searchable encryption scheme with higher efficiency and more practical significance has become a focus of attention in the field of cryptography.
Disclosure of Invention
The invention aims to overcome the defects in the prior art, provides a searchable encryption method facing the cloud environment and supporting fuzzy keyword sequencing, designs a new fuzzy keyword searchable attribute-based encryption scheme supporting sequencing, and has higher efficiency and more practical significance.
The technical scheme adopted by the invention for solving the problems is as follows:
a searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing is characterized in that: the method comprises the following steps:
firstly, establishing and initializing a system, and generating a public parameter PP, a master key MK and a key K;
step two, generating an index: the data owner sets D ═ D according to the plaintext document set 1 ,D 2 ,...,D n Extracting a keyword set W ═ W } ═ W 1 ,W 2 ,...,W m Generating a reverse index table and a fuzzy index table, and sending the reverse index table and the fuzzy index table to the cloud server;
step three, an encryption stage: the data owner encrypts the plaintext document set D by using the master key to generate a ciphertext document set CT, and sends the ciphertext document set CT to the cloud server;
step four, a trapdoor generation stage: constructing a trapdoor by a data user, encrypting the trapdoor and sending the trapdoor to a cloud server;
step five, retrieval stage: after the cloud server receives the encrypted trapdoors, the trapdoors are obtained through decryption by using a private key of the cloud server, and the required documents are ordered according to the relevancy and sent to the data user;
step six, key obtaining stage: the data user sends the attribute set of the data user to the trusted authority, and if the attribute set of the data user can pass through the access control structure, the trusted authority sends the decryption key to the data user; otherwise returning to T;
step seven, a decryption stage: and the data user decrypts the returned ciphertext document set to obtain the required plaintext document.
In the first step of the invention, the public parameter generation step is as follows:
(1) the data owner runs the setup function and selects an order primeBilinear group G with number p and generator G 0 Then from the minimal non-negative complete set of residuals Z of the prime number p p Selects three random numbers alpha, beta, r, and then issues common parameters
PP=G 0 ,g,h=g β ,e(g,g) α
(2) Setting the Master Key MK to (. beta., g) α ) Then, a security parameter λ is selected, and a key K ═ 0, 1 is generated λ
(3) The data owner specifies the access control structure tau.
The access control structure tau of the invention is a tree, and each leaf node in the tau is composed of an attribute and a threshold k x 1 is formed; a non-leaf node is a threshold gate consisting of its child nodes and a threshold; set num x Is the total number of child nodes, k, of node x in the tree x Is the threshold value, and k is set to 0. ltoreq. k x ≤num x If k is x 1, the threshold gate is an OR gate, if k x =num x AND the threshold gate is an AND gate.
The steps of generating the reverse index table of the invention are as follows:
(1) setting the order of the reverse index table to (n +1) × (m + 1);
(2) setting the element of the first column (i +1, 1) coordinate of the inverted index table as the encrypted document Enc K (id(D i )),1≤i≤n;
(3) Setting the element of the first row (1, j +1) coordinate of the reverse index table as an encrypted English keyword Enc K (W j ),1≤j≤m;
(4) Document D for elements of the remaining (i +1, j +1) coordinates in the inverted index table i And a keyword W j Correlation score RF (W) of (2) j ,D i ) Filling;
(5) multiplying RF (W) by a random number r j ,D i );
(6) An inverted index table is generated.
The method for generating the fuzzy index table comprises the following steps:
(1) setting a fuzzy index table to be of (Q +1) × (m +1) order;
(2) chinese keyword w according to Shingle method j Shingle is vector S' j
(3) Performing Q times of minimum hash calculation on the vector S by using Q MinHash functions to obtain Q real numbers, and forming a signature vector by using the Q real numbers;
(4) setting the element of the first row (1, j) coordinate of the fuzzy index table as an encrypted English keyword Enc K (W j ),1≤j≤m;
(5)
Figure GDA0003734379610000031
(6) And generating a fuzzy index table.
The document encryption method comprises the following steps:
selecting a polynomial q for each node x (including leaf nodes) in the access control structure tau x (ii) a Traversing the whole access tree from top to bottom starting from the root node R of the access control structure tau, and enabling the polynomial q x Degree d of x Threshold k of node x x Small 1, i.e. d x =k x -1;
Starting from the root node R, the algorithm selects a random number s ∈ Z p Let q be R (0) S, then randomly select d R Defining other points; for any other node x, let q x (0)=q parent(x) (index (x)), and selecting the other d x Points are defined; let Y be the leaf node of τ, the document will encrypt according to the access tree line of sight, compute the ciphertext CD:
Figure GDA0003734379610000041
wherein, the ciphertext CT ═ C 1 ,C 2 ,...,C n ,C i =D i e(g,g) αs ,1≤i≤n。
The trap door is constructed as follows:
1) representing the Chinese keyword w into a banded set;
2) generating the same random vector S' according to the strip set;
3) generating a signature vector T by using the same Q min hash functions;
4) randomizing the signature vector T to obtain a vector T';
5) calculating the Euclidean norm d (T, T');
6) and generating a trap door T according to the vector T', the Euclidean norm d and the total number mun of the required documents W
The trap door obtaining method comprises the following steps:
1) cloud server decrypts trapdoor T with own public key w Obtaining an Euclidean norm d, a vector T' and a required document total number num;
2) the expansion vector T' is a set L;
3) converting each signature vector T stored in the fuzzy index table into a set L ', and calculating the Jaccard similarity JS between the set L and the set L'; provided JS ≠ 0, the two sets are similar, provided JS ≠ 0, calculating the euclidean norm d 'between the signature vectors T and T';
4) the error between the Euclidean norm d' and the Euclidean norm d of the keyword does not exceed a threshold value epsilon;
5) and acquiring corresponding documents according to the reverse index table, acquiring the relevance scores of the documents and the keywords in the reverse index table, and sending the documents to the data user in an ordered manner according to the rule that the relevance scores are from large to small.
The concrete process of the sixth step of the invention is as follows: the trusted authority receives the attribute set Att, and if the attribute can be accessed to the control structure, the trusted authority selects a random number a E Z p And selecting a random number a for each attribute k ∈ Att k ∈Z p
Calculating a secret key
Figure GDA0003734379610000051
Introducing a recursive algorithm DecryptNode (CD, SK, x), and if the node x is a leaf node, enabling the node x to be a branch node
i Att (x), if i ∈ Att, then
Figure GDA0003734379610000052
If it is used
Figure GDA0003734379610000053
DecryptNode(CD,SK,x)=⊥。
When x is not a leaf node, assuming z is all the child nodes of x, DecryptNode (CD, SK, z) is computed, and the output is stored as F z Let S stand out x Is of arbitrary size K x Is such that F z And ≠ T. If no such set exists, then the function returns ≠ T. Otherwise, calculating
Figure GDA0003734379610000054
Let a be DecryptNode (GD, SK, x).
Trusted authority TAC sending
Figure GDA0003734379610000061
To the data user.
In step seven of the present invention, decryption is performed by the following formula:
CT/(e(C,R)/A)=CT/(e(h s ,g (α+a)/β )/e(g,g) as )=D。
compared with the prior art, the invention has the following advantages and effects:
(1) and realizing keyword search of the data owner. The data user encrypts the document with his/her own key and then uploads it to the cloud server, so he/she can search for the relevant ciphertext document and decrypt it.
(2) And realizing keyword search of data users. By introducing an attribute set encryption scheme based on a ciphertext strategy into a symmetric searchable encryption scheme, the invention can solve the problem that data cannot be shared with a plurality of users. The attribute of the data user can obtain the decryption key as long as the attribute can pass the access control policy of the trusted certificate authority.
(3) And (5) fuzzy keyword searching. The invention considers almost all typing errors, thus realizing fuzzy search, leading the user to obtain more meaningful and more accurate results, and avoiding the problem that the user can not search related documents because of typing one letter by mistake.
(4) A probabilistic trapdoor. The invention is based on probabilistic trapdoors, so that indistinguishable attacks can be resisted, and the privacy of outsourced documents and search queries can be protected.
(5) And (5) sorting the documents. The invention uses the Relevance Frequency formula to calculate the relevancy of the keywords and the documents, so that the documents can be ranked. The data consumer can thus obtain the top-k documents that are most needed.
Detailed Description
The present invention is further illustrated by the following examples, which are illustrative of the present invention and are not to be construed as being limited thereto.
In this embodiment, a searchable encryption method supporting fuzzy keyword ranking for a cloud environment includes the following steps:
firstly, establishing and initializing a system, and generating a public parameter PP, a master key MK and a key K;
and (3) generating common parameters: bilinear group G with input order p and generator G 0 And a safety parameter lambda, the output common parameter PP ═ G 0 ,g,h=g β ,e(g,g) α The master key MK ═ β, g α ) Key K ← {0, 1} λ
The specific process is as follows:
(1) the data owner runs the setup function, selects a prime number p of order, and generates a bilinear group G of element G 0 Then from the minimal non-negative complete residual coefficient set Z of the prime number p p Selects three random numbers alpha, beta and r, and then issues common parameters
PP=G 0 ,g,h=g β ,e(g,g) α
(2) Setting the Master Key MK to (. beta., g) α ) Then a security parameter lambda is selected to generate a key
K=(0,1) λ
(3) The data owner specifies the access control structure tau. τ is a tree, each leaf node in τ is defined by an attribute and a threshold k x 1. A non-leaf node is a threshold gate made up of its child nodes and a threshold. Set num x Is the total number of child nodes, k, of node x in the tree x Is the threshold value, set to 0 ≦ k x ≤num x If k is x 1, the threshold gate is an OR gate, if k x =num x AND the threshold gate is an AND gate.
Step two, constructing an index: data owner from clear text document set D ═ D 1 ,D 2 ,...,D n Extracting a keyword set W ═ W 1 ,W 2 ,...,W m And generating a reverse index table and a fuzzy index table, and sending the reverse index table and the fuzzy index table to the cloud server.
(1) The steps of generating the reverse index table are as follows:
(11) calculating the correlation degree of the keywords and the documents by using a Relevance Frequency formula, wherein if n documents and m keywords exist, the constructed reverse index table is actually a matrix of (n +1) × (m + 1);
(12) the element of the first column (i +1, 1) of the inverted index table is set as the encrypted document number Enc K (id(D i )),1≤i≤n;
(13) Setting the element of the first row (1, j +1) of the inverted index table as the encrypted Chinese keyword Enc K (W j ),1≤j≤m;
(14) Document D for the rest elements (i +1, j +1) in the inverted index table i And a keyword W j Correlation score of RF (W) j ,D i ) Filling;
(15) masking RF (W) for improved security j ,D i ) Multiplying RF (W) by a random number r j ,D i );
(16) The generated inverted index table is shown in the following table:
Enc K (W 1 ) Enc K (W 2 ) Enc K (W m )
Enc K (id(D 1 )) r×RF(W 1 ,D 1 ) r×RF(W 2 ,D 1 ) r×RF(W m ,D 1 )
Enc K (id(D 2 )) r×RF(W 1 ,D 2 ) r×RF(W 2 ,D 2 ) r×RF(W m ,D 2 )
Enc K (id(D n )) r×RF(W 1 ,D n ) r×RF(W 2 ,D n ) r×RF(W m ,D n )
wherein RE (W) j ,D i ) 1≤j≤m,1≤i≤n Is a document D i And a keyword W j R is a random number.
(2) The step of generating the fuzzy index table is as follows:
(21) setting a fuzzy index table to be of (Q +1) × (m +1) order;
(22) chinese keywords w according to the Shingle method j Shingle is vector S' j
(23) MinHash function f: s → R may map a vector S to a real number R. Performing minimum hash on the vector S for Q times by using Q MinHash functions to form a signature vector;
(24) setting the first row (1, j) of the fuzzy index table as the encrypted Chinese keyword Enc K (W j ),1≤j≤m;
(25)
Figure GDA0003734379610000081
Figure GDA0003734379610000082
Expressed is a pair of terms w j Generated random vector S' j And performing minimum hash once to obtain a real number R.
(26) The fuzzy index table generated is as follows:
Figure GDA0003734379610000091
thirdly, the data owner encrypts the plaintext document set D by using the master key to generate a ciphertext document set CT, and sends the ciphertext document set CT to the cloud server; the encryption process is as follows: input plaintext document D ═ D 1 ,D2,...,D n Access tree tau, output ciphertext
Figure GDA0003734379610000092
Wherein the ciphertext document set CT ═ C 1 ,C 2 ,...,C n ,C i =D i e(g,g) as ,1≤i≤n。
The method comprises the following specific steps:
the data owner de-encrypts the document according to the access control structure tau. Selecting a polynomial q for each node x (including leaf nodes) in the access control structure τ x . Traversing the whole access tree from top to bottom starting from the root node R of the access control structure tau, and enabling the degree d of the polynomial qx x Threshold k of node x x Small 1, i.e. d x =k x -1。
Starting from the root node R, the algorithm selects a random number s ∈ Z p Let q be R (0) S, then randomly select d R And the other points are defined. For any other node x, let q x (0)=q parent(x) (index (x)), and selecting other d x Points are defined. Let Y be the leaf node of τ, the document will encrypt according to the access tree line of sight, compute the ciphertext CD:
Figure GDA0003734379610000101
wherein CT is C 1 ,C 2 ,...,C n ,C i =D i e(g,g) αs ,1≤i≤n。
The data owner sends the set of encrypted documents to the cloud server.
Step four, constructing a trapdoor:
data user runs Build _ Tracpool algorithm to generate probability Trapdoor T w The process is as follows:
1) representing the Chinese keyword w into a banded set;
2) generating the same random vector S' according to the strip set;
3) generating a signature vector T by using the same Q min hash functions;
4) randomizing the signature vector T to obtain a vector T';
5) calculating the Euclidean norm d (T, T');
6) generating a trapdoor Tw according to the vector T', the Euclidean norm d and the total number num of the required documents;
data owner will trap door T w And sending the encrypted data to a cloud server.
Step five, searching results:
after the cloud server receives the encrypted trapdoor, the trapdoor is obtained by decryption of a private key of the cloud server, and the obtaining steps are as follows:
1) cloud server decrypts trapdoor T with own public key w Obtaining Euclidean norm d, a vector T', and a required document total num;
2) the expansion vector T' is a set L;
3) converting each signature vector T stored in the fuzzy index table into a set L ', and calculating the Jaccard similarity JS between the set L and the set L'; provided JS ≠ 0, the two sets are similar, provided JS ≠ 0, calculating the euclidean norm d 'between the signature vectors T and T';
4) the error between the Euclidean norm d' and the Euclidean norm d of the keyword does not exceed a threshold value epsilon;
5) and acquiring corresponding documents according to the reverse index table, acquiring the relevance scores of the documents and the keywords in the reverse index table, and sending the documents to the data user in an ordered manner according to the rule that the relevance scores are from large to small.
Step six, obtaining a secret key:
the data user sends its attribute set Att to the trusted authority TAC, if the attribute set of the data user can pass the access control structure, the trusted authority sends the key to the data user; otherwise, returning to the position of T. The process is as follows:
the trusted authority receives the set Att of attributes, and if the attributes can access the control structure, the trusted authority selects a random number a E Z p And selecting a random number a for each attribute k ∈ Att k ∈Z p . Calculating a secret key
Figure GDA0003734379610000111
Introducing a recursive algorithm DecryptNode (CD, SK, x), and if the node x is a leaf node, enabling the node x to be a branch node
i Att (x), if i ∈ Att, then
Figure GDA0003734379610000112
If it is not
Figure GDA0003734379610000113
DecryptNode(CD,SK,x)=⊥。
When x is not a leaf node, assuming z is all the child nodes of x, DecryptNode (CD, SK, z) is computed, and the output is stored as F z Let S stand out x Is of arbitrary size K x Is such that F z And ≠ T. If no such set exists, then the function returns ≠ T. Otherwise, calculating
Figure GDA0003734379610000121
Let a be DecryptNode (CD, SK, x).
Trusted authority TAC sends ciphertext document set
Figure GDA0003734379610000122
To the data user.
And step seven, the data user decrypts the returned ciphertext document set to obtain the required plaintext document. The method comprises the following specific steps:
for dataThe user uses his own private key for decryption
Figure GDA0003734379610000123
Obtaining a plaintext document (A, C, R); decryption by:
CT/(e(CR)/A)=CT/(e(h s ,g (α+a)/β )/e(g,g) as )=D。
in addition, it should be noted that the specific embodiments described in the present specification may be different in the components, the shapes of the components, the names of the components, and the like, and the above description is only an illustration of the structure of the present invention. Equivalent or simple changes in the structure, characteristics and principles of the invention are included in the protection scope of the patent. Various modifications, additions and substitutions for the specific embodiments described may be made by those skilled in the art without departing from the scope of the invention as defined in the accompanying claims.

Claims (8)

1. A searchable encryption method facing to cloud environment and supporting fuzzy keyword sequencing is characterized in that: the method comprises the following steps:
firstly, establishing and initializing a system, and generating a public parameter PP, a master key MK and a key K;
step two, generating an index: the data owner extracts the keyword set W according to the plaintext document set D, generates a reverse index table and a fuzzy index table, and sends the reverse index table and the fuzzy index table to the cloud server;
the steps of generating the reverse index table are as follows:
(1) if n documents and m keywords exist, setting the order of the reverse index table as (n +1) × (m + 1);
(2) setting the element of the first column (i +1, 1) coordinate of the reverse index table as an encrypted document number Enc K (id(D i )),1≤i≤n;
(3) Setting the element of the first line (1, j +1) coordinate of the reverse index table as an encryption English keyword Enc K (W j ),1≤j≤m;
(4) Document D for elements of (i +1, j +1) coordinates of the rest elements in the inverted index table i And a keyword W j Correlation score of RF (W) j ,D i ) Filling;
(5) multiplying RF (W) by a random number r j ,D i );
(6) Generating a reverse index table;
the step of generating the fuzzy index table is as follows:
(1) setting a fuzzy index table to be of (Q +1) × (m +1) order;
(2) chinese keywords w according to the Shingle method j Shingle is vector S' j
(3) Performing Q times of minimum hash calculation on the vector S by using Q MinHash functions to obtain Q real numbers, and forming a signature vector by using the Q real numbers;
(4) setting the first row (1, j) of the fuzzy index table as an encrypted English keyword Enc K (W j ),1≤j≤m;
(5) Setting the element f of the rest (i +1, j) coordinates of the fuzzy index table qi :S′ j →R,1≤i≤Q;
(6) Generating a fuzzy index table;
step three, an encryption stage: the data owner encrypts the plaintext document set D by using the master key to generate a ciphertext document set CT, and sends the ciphertext document set CT to the cloud server;
step four, a trapdoor generation stage: constructing a trapdoor by a data user, encrypting the trapdoor and sending the trapdoor to a cloud server;
step five, a retrieval stage: after the cloud server receives the encrypted trapdoors, the trapdoors are obtained through decryption by using a private key of the cloud server, and the required documents are ordered according to the relevancy and sent to the data user;
step six, key obtaining stage: the data user sends the attribute set of the data user to the trusted authority, and if the attribute set of the data user can pass through the access control structure, the trusted authority sends the decryption key to the data user;
step seven, a decryption stage: and the data user decrypts the returned ciphertext document set to obtain the required plaintext document.
2. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 1, wherein: in the first step, the public parameter generating step is as follows:
(1) the data owner runs the setup function and selects a bilinear group G with the order of prime number p and generator G 0 Then from the minimal non-negative complete residual coefficient set Z of the prime number p p Selects three random numbers alpha, beta and r, and then issues common parameters
PP=G 0 ,g,h=g β ,e(g,g) α
(2) Setting the Master Key MK to (. beta., g) α ) Then a security parameter lambda is selected to generate a key
K=(0,1) λ
(3) The data owner specifies the access control structure tau.
3. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 2, wherein: the access control structure tau is a tree, and each leaf node in the tau is composed of an attribute and a threshold k x 1 is formed; a non-leaf node is a threshold gate consisting of its child nodes and a threshold; set num x Is the total number of child nodes, k, of node x in the tree x Is the threshold value, and k is set to 0. ltoreq. k x ≤num x If k is x 1, the threshold gate is an OR gate, if k x =num x AND the threshold gate is an AND gate.
4. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 2, wherein: the document encryption step comprises:
for each node x, including leaf nodes, in the access control structure tau, a polynomial q is selected x (ii) a Traversing the whole access tree from top to bottom starting from the root node R of the access control structure tau, and enabling the polynomial q x Degree d of x BijieThreshold k for point x x Small 1, i.e. d x =k x -1;
Starting from the root node R, the algorithm selects a random number s ∈ Z p Let q stand for R (0) S, then randomly select d R Defining other points; for any other node x, let q x (0)=q parent(x) (index (x)), and selecting the other d x Points are defined; let Y be the leaf node of τ, the document will encrypt according to the access tree line, compute the ciphertext CD:
Figure FDA0003734379600000031
wherein, the ciphertext CT ═ C 1 ,C 2 ,...,C n ,C i =D i e(g,g) αs ,1≤i≤n。
5. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 1, wherein: the trapdoor is constructed as follows:
1) representing the Chinese keyword w into a banded set;
2) generating the same random vector S' according to the strip set;
3) generating a signature vector T by using the same Q MinHash functions;
4) randomizing the signature vector T to obtain a vector T';
5) calculating the Euclidean norm d (T, T');
6) generating a trapdoor T according to the vector T', the Euclidean norm d and the total number num of the required documents w
6. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 5, wherein: the trapdoor is obtained by the following steps:
1) cloud server decrypts trapdoor T with own public key w Obtaining Euclidean norm d, a vector T', and a required document total num;
2) the expansion vector T' is a set L;
3) converting each signature vector T stored in the fuzzy index table into a set L ', and calculating the Jaccard similarity JS between the set L and the set L'; provided JS ≠ 0, the two sets are similar, provided JS ≠ 0, calculating the euclidean norm d 'between the signature vectors T and T';
4) the error between the Euclidean norm d' and the Euclidean norm d of the keyword does not exceed a threshold value epsilon;
5) and acquiring corresponding documents according to the reverse index table, acquiring the relevance scores of the documents and the keywords in the reverse index table, and sending the documents to the data user in an ordered manner according to the rule that the relevance scores are from large to small.
7. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 1, wherein: the concrete process of the step six is as follows: the trusted authority receives the attribute set Att, and if the attribute can be accessed to the control structure, the trusted authority selects a random number a E Z p And selecting a random number a for each attribute k ∈ Att k ∈Z p (ii) a Calculating a secret key
Figure FDA0003734379600000041
Introducing a recursive algorithm DecryptNode (CD, SK, x), if the node x is a leaf node, making
i Att (x), if i ∈ Att, then
Figure FDA0003734379600000042
If it is not
Figure FDA0003734379600000051
When x is not a leaf node, assuming z is all the child nodes of x, DecryptNode (CD, SK, z) is computed, and the output is stored as F z Let S stand out x Is of any sizeIs K x Is such that F z Not is equal to T; if no such set exists, the function returns ×; otherwise, calculating
Figure FDA0003734379600000052
Let a be DecryptNode (CD, SK, x);
trusted authority TAC sending
Figure FDA0003734379600000053
To the data user.
8. The cloud environment-oriented searchable encryption method supporting fuzzy keyword ranking according to claim 1, wherein: in step seven, decryption is performed by the following formula:
CT/(e(C,R)/A)=CT/(e(h s ,g (α+a)/β )/e(g,g) as )=D。
CN202011174402.5A 2020-10-28 2020-10-28 Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing Active CN112328626B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011174402.5A CN112328626B (en) 2020-10-28 2020-10-28 Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011174402.5A CN112328626B (en) 2020-10-28 2020-10-28 Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing

Publications (2)

Publication Number Publication Date
CN112328626A CN112328626A (en) 2021-02-05
CN112328626B true CN112328626B (en) 2022-09-30

Family

ID=74296219

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011174402.5A Active CN112328626B (en) 2020-10-28 2020-10-28 Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing

Country Status (1)

Country Link
CN (1) CN112328626B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174568B (en) * 2022-06-23 2023-05-16 南京信息工程大学 Ciphertext retrieval method based on attributes

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109063509A (en) * 2018-08-07 2018-12-21 上海海事大学 It is a kind of that encryption method can search for based on keywords semantics sequence

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156140B (en) * 2017-12-13 2020-10-30 西安电子科技大学 Multi-keyword searchable encryption method supporting numerical value attribute comparison
CN108062485A (en) * 2017-12-15 2018-05-22 北京工业大学 A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN108243000B (en) * 2018-01-12 2021-07-09 哈尔滨工业大学深圳研究生院 Ciphertext searching method in cloud storage system
CN108777623B (en) * 2018-05-03 2021-07-30 上海海事大学 Revocable public key encryption method based on fuzzy keyword search
CN109766314A (en) * 2019-01-07 2019-05-17 西安电子科技大学 Ciphertext data multi-key word searching method based on probability trapdoor

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109063509A (en) * 2018-08-07 2018-12-21 上海海事大学 It is a kind of that encryption method can search for based on keywords semantics sequence

Also Published As

Publication number Publication date
CN112328626A (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN113194078B (en) Sequencing multi-keyword search encryption method with privacy protection supported by cloud
CN107491497B (en) Multi-user multi-keyword sequencing searchable encryption system supporting query in any language
Fu et al. Achieving efficient cloud search services: multi-keyword ranked search over encrypted cloud data supporting parallel computing
CN106803784B (en) Lattice-based multi-user fuzzy searchable encryption method in secure multimedia cloud storage
Li et al. Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data
Wang et al. Search in my way: Practical outsourced image retrieval framework supporting unshared key
WO2022099495A1 (en) Ciphertext search method, system, and device in cloud computing environment
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
Chen et al. EliMFS: achieving efficient, leakage-resilient, and multi-keyword fuzzy search on encrypted cloud data
CN112332979B (en) Ciphertext search method, system and equipment in cloud computing environment
CN108111587B (en) Cloud storage searching method based on time release
CN106980796B (en) MDB-based cloud environment+Search method of tree multi-domain connection keywords
CN111104434B (en) Electronic medical recommendation method based on privacy protection multi-level attribute similarity
US11829503B2 (en) Term-based encrypted retrieval privacy
CN111177787B (en) Attribute-based connection keyword searching method in multi-data owner environment
Li et al. Multi-keyword fuzzy search over encrypted cloud storage data
Wang et al. An efficient and privacy-preserving range query over encrypted cloud data
Ren et al. Privacy-preserving ranked multi-keyword search leveraging polynomial function in cloud computing
CN112328626B (en) Searchable encryption method facing cloud environment and supporting fuzzy keyword sequencing
CN115495792B (en) Fuzzy keyword searchable encryption method and system with privacy protection function
CN114528370B (en) Dynamic multi-keyword fuzzy ordering searching method and system
Kamble et al. A study on fuzzy keywords search techniques and incorporating certificateless cryptography
Han et al. Vector Sum Range Decision for Verifiable Multiuser Fuzzy Keyword Search in Cloud-Assisted IoT
CN108319670A (en) The dynamic ranking searching method that can verify that based on cloud computing
CN113158245A (en) Method, system, equipment and readable storage medium for searching document

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant